Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges

The affected versions include Current Release (CR) versions of Citrix Virtual Apps and Desktops before 2503, and Long Term Service Release (LTSR) versions, including Citrix Virtual Apps and Desktops 2402 LTSR CU2 and earlier versions of 2402 LTSR. The vulnerability, tracked as CVE-2025-6759, affects multiple versions of Citrix Virtual Apps and Desktops and Citrix DaaS platforms, posing significant risks to enterprise environments relying on these virtualization solutions. LTSR customers should install specific updates: Citrix Virtual Apps and Desktops 2402 LTSR CU1 Update 1 (CTX694848) and Citrix Virtual Apps and Desktops 2402 LTSR CU2 Update 1 (CTX694849). Affected versions include Current Release builds before 2503 and 2402 LTSR CU2/earlier, while 2203 LTSR is unaffected.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 09 Jul 2025 10:45:14 +0000

Cyber News related to Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges

CVE-2007-2850 - The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a ...
7 years ago

US Health Dept urges hospitals to patch critical Citrix Bleed bug - The U.S. Department of Health and Human Services warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. Ransomware gangs are already using Citrix Bleed to breach their targets' networks ...
1 year ago Bleepingcomputer.com CVE-2023-4966 LockBit

The Virtual Desktop Revolution: Redefining Work an - A virtual desktop, also referred to as a virtual desktop infrastructure, is a virtualized computing environment that enables users to remotely access and control their desktops from any device with an internet connection. A user who logs in is given ...
1 year ago Feeds.dzone.com

LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed - The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability to breach the systems of large organizations, steal data, and encrypt files. Although Citrix made fixes available for CVE-2023-4966 more than a month ...
1 year ago Bleepingcomputer.com CVE-2023-4966 LockBit

The Future of Virtual Reality in Education - Virtual Reality is rapidly reshaping the landscape of education, offering a powerful and immersive learning experience for students. VR in education offers students the opportunity to explore virtual worlds and engage in realistic simulations, ...
1 year ago Securityzap.com

Citrix warns admins to kill NetScaler user sessions to block hackers - Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks. Besides applying the necessary ...
1 year ago Bleepingcomputer.com CVE-2023-4966 LockBit

Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges - The affected versions include Current Release (CR) versions of Citrix Virtual Apps and Desktops before 2503, and Long Term Service Release (LTSR) versions, including Citrix Virtual Apps and Desktops 2402 LTSR CU2 and earlier versions of 2402 LTSR. ...
6 days ago Cybersecuritynews.com CVE-2025-6759

CVE-2023-3440 - Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 ...
1 year ago

CVE-2022-36407 - Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual ...
1 year ago

HHS warns of 'Citrix Bleed' attacks after hospital outages - The U.S. Department of Health and Human Services is warning hospitals and healthcare facilities across the country to patch a vulnerability known as "Citrix Bleed" that is being used in attacks by ransomware gangs. For weeks, cybersecurity experts ...
1 year ago Therecord.media CVE-2023-4966 LockBit

Two more Citrix NetScaler bugs exploited in the wild The Register - Two vulnerabilities in NetScaler's ADC and Gateway products have been fixed - but not before criminals found and exploited them, according to the vendor. CVE-2023-6548 could allow remote code execution in the appliances' management interface. It ...
1 year ago Go.theregister.com CVE-2023-6548 CVE-2023-6549

Over 1,200 Citrix servers unpatched against critical auth bypass flaw - While Citrix has yet to confirm that this security flaw is being exploited in the wild, saying that "currently, there is no evidence to suggest exploitation of CVE-2025-5777," cybersecurity firm ReliaQuest reported on Thursday with medium confidence ...
2 weeks ago Bleepingcomputer.com CVE-2025-5777

Citrix Bleed exploit lets hackers hijack NetScaler accounts - A proof-of-concept exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. ...
1 year ago Bleepingcomputer.com CVE-2023-4966

Augmented Reality Vs. Virtual Reality - In the realm where Augmented Reality and Virtual Reality converge, a high-stakes game unfolds as these two key players battle for dominance. Augmented Reality and Virtual Reality are two distinct immersive technologies that are often confused. ...
1 year ago Securityzap.com

Hackers use Citrix Bleed flaw in attacks on govt networks worldwide - Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region. Researchers from Mandiant report that four ...
1 year ago Bleepingcomputer.com CVE-2023-4966 CVE-2023-3966

CVE-2020-8247 - Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, ...
4 years ago

CISA orders agencies to immediately patch Citrix Bleed 2, saying bug poses ‘unacceptable risk’ | The Record from Recorded Future News - The bug affects Citrix Netscaler ADC and Netscaler Gateway appliances and the company said exploitation of the vulnerability “on unmitigated appliances have been observed.” Since that advisory, multiple incident responders have warned that the ...
4 days ago Therecord.media CVE-2025-5777

CVE-2020-8245 - Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler ...
4 years ago

CVE-2020-8246 - Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, ...
4 years ago

Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com

Critical Citrix Bleed 2 flaw now likely exploited in attacks - "While no public exploitation of CVE-2025-5777, dubbed "Citrix Bleed 2," has been reported, ReliaQuest assesses with medium confidence that attackers are actively exploiting this vulnerability to gain initial access to targeted environments," warns ...
2 weeks ago Bleepingcomputer.com CVE-2025-5777

Citrix Bleed 2 flaw now believed to be exploited in attacks - "While no public exploitation of CVE-2025-5777, dubbed "Citrix Bleed 2," has been reported, ReliaQuest assesses with medium confidence that attackers are actively exploiting this vulnerability to gain initial access to targeted environments," warns ...
2 weeks ago Bleepingcomputer.com CVE-2025-5777

US Health Dept Urges Hospitals to Patch Critical 'Citrix Bleed' Vulnerability - This week, the US Department of Health and Human Services has warned hospitals of the critical 'Citrix Bleed' Netscaler vulnerability that has been exploited by threat actors in cyberattacks. On Thursday, the department's security team, Health Sector ...
1 year ago Cysecurity.news CVE-2023-4966

Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately - Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability. The company patched this critical sensitive information disclosure flaw two weeks ago, ...
1 year ago Bleepingcomputer.com CVE-2023-4966 Rocke

Azure Serial Console Attack and Defense - This is the second installment of the Azure Serial Console blog, which provides insights to improve defenders' preparedness when investigating Azure Serial Console activity on Azure Linux virtual machines. While the first blog post discussed various ...
1 year ago Msrc.microsoft.com

Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges

Cyber News related to Citrix Windows Virtual Delivery Agent Vulnerability Let Attackers Gain SYSTEM Privileges

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)